lynx-dev Re: lynx: ftp anonymous password

[Eduardo Pérez]

On 2002-02-15 08:13:00 -0800, Doug Kaufman wrote:
> On Fri, 15 Feb 2002, Eduardo Pérez wrote:
> > I've seen that lynx sends the user name when doing ANONYMOUS ftp gets.
> > I see a lot of problems:
> > - Sending the user name if the user doesn't know that it's sent doesn't 
> > protect the user state of ANONYMOUS
> > - Spyware is not a good idea, most users don't like it.
> > - Sending the user name helps SPAM instead of stopping it. Many ftp sites 
> > use this information to send you unsolicited email.
> > - Sending the user name doesn't help ftp sites to know who the cracker is, 
> > crackers are not stupid to send their email address.
> > - Sending the user name can be used to discriminate the user.
> 
> Perhaps I am old fashioned or I don't see the risks listed above, but
> I don't see that this patch is a good idea. If we are to request free
> use of the server's resources and they request our email address for
> that use, it seems impolite not to supply it. There are still a few
> servers who will not allow access if an invalid domain is given. My
> specific comments about the above concerns:

If that servers don't let this ftp anonymous password, they also
 don't allow clients like Internet Explorer or Netscape Communicator.
These moved to this password because of these problems.
Not a good idea because this are the most used ftp clients.

> If you are really concerned about anonymity, using lynx from your own
> IP address without going through some anonymizing proxy doesn't make
> sense either

I'm concerned about privacy. But users should know that lynx is
leaking personal information.

> By no stretch of the imagination does sending your email address
> constitute "spyware" in the usual meaning of the word. Calling this
> spyware confuses the spyware issue and may make it harder to fight true
> spyware.
> 
> Are there data that "many ftp sites" use the login data to send
> unsolicited email?

If there is I really don't want to know.

> Sending the email address is not supposed to help fight crackers. This
> argument seems irrelevant.

So what's the email address for?  SPAM?

> FTP sites certainly have the right to exclude users who have abused
> their services. I am not sure I call this discrimination.

OK, but they should do it in an intelligent way. Using the IP address.

> Lynx users can always specify an invalid personal address in the option
> menu if they don't want their true email address to be sent. 

That should be called anonymous ftp password.

> What do they say about this topic in the news.admin.net-abuse.*
> newsgroups? Is there documentation of abuse to justify this change? If
> so, I will withdraw objections, but I would like to see some data first.

Only old ftp clients, do send the email address. As SPAM is taken seriously.

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden